Security researchers identified a new openSSL vulnerability, called DROWN( Decrypting RSA With Obsolete and Weakened Encryption ) on March 2016. This attack was focused on servers that uses the more secure TLS protocol, which also supports the obsolete SSLv2.This vulnerability allows an attacker to decrypt the highly secured TLS encrypted communication, if the server houses SSLv2 cipher support.

DROWN was assigned the CVE-2016-0800 id by the us-nert on march (https://www.us-cert.gov/ncas/bulletins/SB16-067 ).

More than 11 million websites that uses TLS were vulnerable to DROWN attack.If your website is protected by TLS and your server directly on indirectly supports the older SSLv2 , you are also vulnerable and an attacker may exploit it to get important information such as user names, password, financial credentials,important documents ..etc. Continue reading…